Session timeout weirdness?

What I've decided to do is use a cookie rather than the site's session variable to check if they're logged in. As this is a chat app, they get an hour when they first open the chat page And every time they post a message it gets reset to an hour later That way posters stay logged in and lurkers get bumped off On load: response. Cookies("chatuser")=nickname response.

Cookies("chatuser"). Expires=now()+0.5 On post a message: response. Cookies("chatuser").

Expires=now()+0.5.

What I've decided to do is use a cookie rather than the site's session variable to check if they're logged in. As this is a chat app, they get an hour when they first open the chat page. And every time they post a message it gets reset to an hour later.

That way posters stay logged in and lurkers get bumped off. On load: response. Cookies("chatuser")=nickname response.

Cookies("chatuser"). Expires=now()+0.5 On post a message: response. Cookies("chatuser").

Expires=now()+0.5.

Sounds like you're using Forms Authentication and that the authentication cookie is expiring as well. Each time a request is sent to the application and the current session is still valid the session timeout will be renewed. Forms Authentication can work in two ways.

You can keep a user logged in for a fixed amount of time or use a sliding expiration. For example: The above sets the forms authentication timeout to 15 minutes but also enables the sliding expiration (slidingExpiration="true". Provided a user revisits the site within 15 minutes the cookie lifetime will be extended and the user will stay authenticated.

If slidingExpiration="false" then a user will be kicked off after 15 minutes regardless of when they last accessed the site. It's also a good idea to have the Forms Authentication cookie expire slightly earlier than the Session timeout. This means users get kicked off before encountering null Session data if it's the other way around.

The chat page doesn't use any form submission but uses Ajax to grab the form field data and post it. Also it's the ASP script called by the ajax which checks if the session has expired and if it has it sends back data which pops up an alert telling the user they've been logged out. The actual ASP script used by Ajax doesn't require the user to be logged in so it never generates an error.

– derekcohen Feb 6 at 21:36 @derek - my apologies, I assumed you were using ASP.NET. – Kev? Feb 6 at 21:42 @derek - so definitely classic ASP and not ASP.

NET? – Kev? Feb 6 at 21:46 yes classic ASP I'm afraid – derekcohen Feb 6 at 7:02.

If the AJAX requests don't contain the Session ID that is placed in a cookie by ASP then the requests will not maintain the session regardless of how frequent they are.

– derekcohen Feb 7 at 14:10 I'm not sure - it will depend on the code you are using to do the AJAX requests and how much control over the HTTP request you have – RobV Feb 7 at 14:50.

I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.